Russian malware gang busted for going after their countrymen


It’s no secret that Russia is one of the hotbeds of cybercriminal activity. It’s where ChronoPay operates, and they’ve been tied to some of the most massive malware operations around. In the past, the Russian government hasn’t exactly been quick to prosecute — preferring instead to hob-nob with the well-to-do leaders of such organizations.

Now, however, there’s news that Russian authorities have arrested eight men suspected of distributing the Carberp malware — but only after they victimized their fellow Russians. As Sophos Labs’ Chet Wisniewski puts it, the moral is “don’t target Russians if you want to commit bank fraud from Russia.”

From as few as 90 individuals in their homeland, the Carberp Crew pilfered around 60 million Rubles — which converts to roughly $2 million. The entire operation was reportedly run by two brothers in their late 20s, with other members of the gang acting as cash mules.

Like a lot of malware, Carberp was served up as a drive-by exploit that made its way onto users’ systems via unpatched Java flaws. Once a system was successfully compromised, Carberp hid out and sniffed for online banking credentials, which it then passed back to command-and-control servers.

In addition to the eight arrests, Russian police also raided a downtown Moscow location where the brothers had set up shop. They seized a pile of computer equipment, notary gear, fraudulent bank cards, and over seven million Rubles in cash. The older brother was released on bond, the younger remains in jail on prior charges, and the other six members of the crew are currently under house arrest.

The maximum sentence for their crimes in Russia is 10 years, and it will be interesting to see if they wind up doing that much time for going after their own, since such crimes against foreigners often go unpunished.